Crypto scam apps infiltrate Apple App Store and Google Play

Operators of high-yielding investment scams known as "Pig butchering" have found a way to bypass the defenses in Google Play and Apple's App Store, the official repositories for Android and iOS apps. Pig butchering scams have been happening for a few years. They use involve fake websites, malicious advertising, and social engineering. By adding fraudulent apps to official download platforms, scammers can gain a victim's trust easier. Researchers at cybersecurity company Sophos say that the scammers are targeting victims on Facebook or Tinder and convince them to download the fraudulent apps and "Invest" large amounts of money into assets purported to be real. Sophos observed such a campaign from a China-based threat group named "ShaZhuPan," which shows high organizational levels with distinct teams doing victim interaction, finance, franchise, and money laundering. The fraudsters appear to target male users over Facebook and Tinder using women's profiles with stolen images from other social media accounts. The profiles the scammers control were built to reflect a lavish lifestyle, with photos of high-end restaurants, expensive shops, and exotic locations. After gaining the victims' trust, the scammers say that they have an uncle working for a financial analysis firm and launch an invitation to trade cryptocurrency via an app on Play Store or App Store. The fraudsters guide the victim through their first investment, instructing them to create a deposit on the legitimate cryptocurrency exchange platform Binance and then transfer the amount to the fake app. The malicious apps used in the campaign that Sophos observed are named "Ace Pro" and "MBM BitScan" on the Apple App Store and "BitScan" on Play Store. The apps let the victim withdraw small amounts of cryptocurrency initially but then lock their accounts when larger amounts are involved. The initial withdrawal is enough to make the victims trust the scheme and keep investing. The method used to bypass the security checks in the mobile apps stores is quite simple. For infiltrating the App Store, the ShaZhuPan gang submits an app signed with a valid certificate issued by Apple, a requirement for getting any code to be accepted into the iOS repository. Until the approval is obtained, the app connects to a benign server and its behavior is legitimate. Once it passes the review, the developer changes the domain and the app connects to a malicious server. After launching the app, the victim sees a cryptocurrency trading interface delivered from the malicious server. Everything displayed is fake, except for the user's deposit. Sophos researchers discovered that the BitScan apps for Android and iOS have a different vendor name but communicate with the same command and control server, from a domain that appears to impersonate bitFlyer, a legitimate cryptocurrency exchange company in Japan. Because these apps are only downloaded by a small number of targeted users, they're not massively reported for fraud, making it hard for app store security reviewers to identify them as fraudulent and remove them. Pig butchering scams yield high profits in a short time, so the scammers are motivated to put in the time and effort to gain the trust of their victims through extensive communication. This lengthy engagement, the initial withdrawal, and the convincing interface in the fake apps make it difficult for the victim to see through the scam. Sophos also points out that the emergence of "FinTech" has normalized people's trust in these software tools and when the apps are sourced from official Apple and Google stores, the sense of legitimacy is high.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 01 Feb 2023 14:46:02 +0000


Cyber News related to Crypto scam apps infiltrate Apple App Store and Google Play

The Limitations of Google Play Integrity API - This overview outlines the history and use of Google Play Integrity API and highlights some limitations. We also compare and contrast Google Play Integrity API with the comprehensive mobile security offered by Approov. Google provides app attestation ...
1 year ago Securityboulevard.com
Pig Butchering: Fake Trading Apps Target Crypto on Apple, Google Play Stores - Pig Butchering scam targets crypto users with fake trading apps on Apple and Google Play Stores. These apps, found on Apple’s App Store and Google Play, and on phishing sites, are part of a Pig Butchering scam targeting cryptocurrency investors ...
2 months ago Hackread.com
Fraudulent "CryptoRom" Apps Slip Through Apple and Google App Store Review Process - Pig Butchering, also known as Sha Zhu Pan and CryptoRom, is an ugly name for an ugly scam. What is new is that apps perpetrating the scam can be downloaded from the official Apple and Android app stores - giving them greater apparent validity to ...
1 year ago Securityweek.com
Crypto scam apps infiltrate Apple App Store and Google Play - Operators of high-yielding investment scams known as "Pig butchering" have found a way to bypass the defenses in Google Play and Apple's App Store, the official repositories for Android and iOS apps. Pig butchering scams have been happening for a few ...
1 year ago Bleepingcomputer.com
ChatGPT Clone Apps Collecting Personal Data on iOS, Play Store - On Android devices, one of the apps analyzed by researchers has more than 100,000 downloads, tracks, and shares location data with ByteDance and Amazon, etc. ChatGPT, the AI software, has already taken the Internet by storm, and that is why ...
1 year ago Hackread.com
Fraudsters Successfully Inserted Cryptocurrency Programs into Apple and Google's App Stores - Scammers were able to get two malicious apps onto the app stores of both Google and Apple, allowing them to trick users into investing in fake cryptocurrency. According to a report from Sophos, the apps, Ace Pro and MBM BitScan, were found on both ...
1 year ago Therecord.media
Google Online Security Blog: I/O 2024: What's new in Android security and privacy - As their tactics evolve in sophistication and scale, we continually adapt and enhance our advanced security features and AI-powered protections to help keep Android users safe. Today, we're announcing more new fraud and scam protection features ...
7 months ago Security.googleblog.com
What Do Apple's EU App Store Changes Mean for App Developers? - In order to comply with the European Union's Digital Markets Act, Apple announced on Jan. 25 changes to its payment system for app sellers in the EU, and that it was letting go of the hold its App Store has over iOS app distribution in the EU. As ...
10 months ago Techrepublic.com
Fake app impersonating LastPass spotted in Apple's App Store The Register - LastPass says a rogue application impersonating its popular password manager made it past Apple's gatekeepers and was listed in the iOS App Store for unsuspecting folks to download and install. A screenshot of the fake LastPass app in the Apple App ...
10 months ago Go.theregister.com
Android 15, Google Play get new anti-malware and anti-fraud features - Today, Google announced new security features coming to Android 15 and Google Play that will help block scams, fraud, and malware apps on users' devices. Announced at Google I/O 2024, the new features are designed not only to help end users but also ...
7 months ago Bleepingcomputer.com
More Android apps riddled with malware spotted on Google Play - An Android remote access trojan known as VajraSpy was found in 12 malicious applications, six of which were available on Google Play from April 1, 2021, through September 10, 2023. The malicious apps, which have now been removed from Google Play but ...
10 months ago Bleepingcomputer.com
SpyLoan Android malware on Google Play downloaded 12 million times - More than a dozen malicious loan apps, which are generically named SpyLoan, have been downloaded more than 12 million times this year from Google Play but the count is much larger since they are also available on third-party stores and suspicious ...
1 year ago Bleepingcomputer.com
New Xamalicious Android malware installed 330k times on Google Play - A previously unknown Android backdoor named 'Xamalicious' has infected approximately 338,300 devices via malicious apps on Google Play, Android's official app store. McAfee, a member of the App Defense Alliance, discovered 14 infected apps on Google ...
11 months ago Bleepingcomputer.com
New Wave of 'Anatsa' Banking Trojans Targets Android Users in Europe - The campaign has been ongoing for at least four months and is the latest salvo from the operators of the malware, which first surfaced in 2020 and has previously notched victims in the US, Italy, United Kingdom, France, Germany, and other countries. ...
10 months ago Darkreading.com
Data Insecurity: Experts Sound the Alarm on 4 Apps Putting User Privacy at Risk - Even though many of us rely on apps to entertain us, guide us, manage our exercise, and connect with family and friends, they are notoriously hard to trust. In an age when technology is constantly evolving, it is almost impossible to tell if a ...
1 year ago Cysecurity.news
Over 90 malicious Android apps with 5.5M installs found on Google Play - Over 90 malicious Android apps were found installed over 5.5 million times through Google Play to deliver malware and adware, with the Anatsa banking trojan seeing a recent surge in activity. Anatsa is a banking trojan that targets over 650 ...
6 months ago Bleepingcomputer.com
Google Play Apps Promote Unattainable Rewards, Amass 20 Million Downloads - A new category of activity tracking applications has been having massive success recently on Google Play, Androids official app store, having been downloaded on over 20 million devices. The applications promote themselves as health, pedometer, and ...
1 year ago Bleepingcomputer.com
Fake Ledger Live app in Microsoft Store steals $768,000 in crypto - Microsoft has recently removed from its store a fraudulent Ledger Live app for cryptocurrency management after multiple users lost at least $768,000 worth of cryptocurrency assets. Published with the name Ledger Live Web3, the fake application ...
1 year ago Bleepingcomputer.com
Android adware apps on Google Play amass two million installs - Several malicious Google Play Android apps installed over 2 million times push intrusive ads to users while concealing their presence on the infected devices. In their latest monthly mobile threat report, Doctor Web's analysts identified trojans on ...
1 year ago Bleepingcomputer.com
Google promises a rescue patch for Android 14's "ransomware" bug - So Android 14 has this pretty horrible storage bug for upgrading users. Bugs are always going to happen, but the big problem with this is that Google has seemingly been ignoring it, and on Friday we wrote about how users have been piling up hundreds ...
1 year ago Arstechnica.com
Fake LastPass password manager spotted on Apple's App Store - LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials. The fake app uses a similar name to the genuine app, a similar icon, and a red-themed interface ...
10 months ago Bleepingcomputer.com
Attack of the copycats: How impostor apps and fake app mods could bite you - Instant communication services are among the most popular apps on iOS and Android alike - US non-profit operation Signal has an estimated 40 million users, with the figure rising to 700 million for Telegram, another open-source messaging service. ...
11 months ago Welivesecurity.com
PixPirate: New Android Banking Trojan Targeting Brazilian Financial Institutions - A new Android banking trojan has set its eyes on Brazilian financial institutions to commit fraud by leveraging the PIX payments platform. Italian cybersecurity company Cleafy, which discovered the malware between the end of 2022 and the beginning of ...
1 year ago Thehackernews.com
Google tests blocking side-loaded Android apps with risky permissions - Google has launched a new pilot program to fight financial fraud by blocking the sideloading of Android APK files that request access to risky permissions. An APK is a file format used to distribute Android apps for installation in the operating ...
10 months ago Bleepingcomputer.com
Google To Pay $700m To Consumers In US Antitrust Settlement - Google agrees to pay $700m to US consumers in antitrust settlement with users and states as Epic presses to 'open Android ecosystem'. Google is to pay $700 million and allow more competition in its Play app store as part of an antitrust settlement ...
1 year ago Silicon.co.uk

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)